
Fedora 40: FEDORA-2024-5e8ae0def0 Moderate: PHP Memory Leak Fixes

April 19, 2024
Dive into the recent Fedora 40 PHP security advisory announcements, focusing on urgent vulnerabilities and enhancements to performance efficiency.

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

Update Information:

PHP version 8.3.6 (11 Apr 2024)

Core:
* Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud)
* Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
* Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
* Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
* Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:
* Add some missing ZPP checks. (nielsdos)
* Fix potential memory leak in XPath evaluation results. (nielsdos)

FPM:
* Fixed GH-11086 (FPM: config test runs twice in daemonised mode). (Jakub Zelenka)
* Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:
* Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:
* Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:
* Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki...

Change Log

* Wed Apr 10 2024 Remi Collet - 8.3.6-1
- Update to 8.3.6 - http://www.php.net/releases/8_3_6.php

* Wed Apr 10 2024 Remi Collet - 8.3.5-1
- Update to 8.3.5 - https://www.php.net/manual-lookup.php?pattern=releases%2F8_3_5.php&lang=en&scope=404quickref

References


[ 1 ] Bug #2275058 - CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix
      https://bugzilla.redhat.com/show_bug.cgi?id=2275058
[ 2 ] Bug #2275061 - CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk
      https://bugzilla.redhat.com/show_bug.cgi?id=2275061
[ 3 ] Bug #2275068 - CVE-2024-2757 php: mb_encode_mimeheader runs endlessly for some inputs
      https://bugzilla.redhat.com/show_bug.cgi?id=2275068

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-5e8ae0def0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: php
Product: Fedora 40
Version: 8.3.6
Release: 1.fc40
Summary: PHP scripting language for creating dynamic web sites
